admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-05 10:18:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-03-27T15:00:21.342025+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-03-27 15:03:54 +00:00
parent 5b7f308c4e
commit d0688d4dfe
102 changed files with 5102 additions and 1544 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1114
CVE-2009/CVE-2009-24xx/CVE-2009-2409.json
View File

File diff suppressed because it is too large Load Diff

4
CVE-2019/CVE-2019-87xx/CVE-2019-8720.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2019-8720",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-03-06T23:15:10.287",
"lastModified": "2025-01-28T22:15:07.963",
"vulnStatus": "Modified",
"lastModified": "2025-03-27T14:08:19.520",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{

10
CVE-2021/CVE-2021-325xx/CVE-2021-32559.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-32559",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-07-06T12:15:21.887",
"lastModified": "2024-11-21T06:07:16.220",
"vulnStatus": "Modified",
"lastModified": "2025-03-27T14:43:05.030",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -85,9 +85,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pywin32_project:pywin32:*:*:*:*:*:*:*:*",
"versionEndExcluding": "b301",
"matchCriteriaId": "A7171765-3E9C-47EA-88F7-98B459FF6BBC"
"criteria": "cpe:2.3:a:mhammond:pywin32:*:*:*:*:*:*:*:*",
"versionEndExcluding": "301",
"matchCriteriaId": "2A00427F-40FE-4DD4-B579-D445A84AFDB3"
}
]
}

32
CVE-2021/CVE-2021-364xx/CVE-2021-36489.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-36489",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-02-03T18:15:10.140",
"lastModified": "2024-11-21T06:13:45.753",
"lastModified": "2025-03-27T14:15:17.427",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-787"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [

32
CVE-2021/CVE-2021-364xx/CVE-2021-36493.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-36493",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-02-03T18:15:10.263",
"lastModified": "2024-11-21T06:13:46.493",
"lastModified": "2025-03-27T14:15:17.677",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-787"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [

32
CVE-2021/CVE-2021-365xx/CVE-2021-36503.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-36503",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-02-03T18:15:10.393",
"lastModified": "2024-11-21T06:13:46.643",
"lastModified": "2025-03-27T14:15:17.867",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-89"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [

4
CVE-2021/CVE-2021-397xx/CVE-2021-39793.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-39793",
"sourceIdentifier": "security@android.com",
"published": "2022-03-16T15:15:12.430",
"lastModified": "2025-01-29T17:15:15.360",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-27T13:54:06.270",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{

12
CVE-2022/CVE-2022-259xx/CVE-2022-25916.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-25916",
"sourceIdentifier": "report@snyk.io",
"published": "2023-02-01T05:15:12.063",
"lastModified": "2024-11-21T06:53:12.607",
"lastModified": "2025-03-27T14:15:18.600",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -75,6 +75,16 @@
"value": "NVD-CWE-Other"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [

4
CVE-2022/CVE-2022-288xx/CVE-2022-28810.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-28810",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-04-18T13:15:08.233",
"lastModified": "2025-01-29T17:15:19.410",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-27T13:58:07.507",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{

4
CVE-2022/CVE-2022-32xx/CVE-2022-3236.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-3236",
"sourceIdentifier": "security-alert@sophos.com",
"published": "2022-09-23T13:15:10.327",
"lastModified": "2025-01-28T22:15:10.673",
"vulnStatus": "Modified",
"lastModified": "2025-03-27T14:07:30.787",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{

4
CVE-2022/CVE-2022-354xx/CVE-2022-35405.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-35405",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-07-19T15:15:08.680",
"lastModified": "2025-01-28T22:15:10.200",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-27T13:59:59.140",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{

32
CVE-2022/CVE-2022-465xx/CVE-2022-46552.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-46552",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-02-02T13:15:09.487",
"lastModified": "2024-11-21T07:30:44.173",
"lastModified": "2025-03-27T14:15:19.657",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-78"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [

32
CVE-2022/CVE-2022-466xx/CVE-2022-46604.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-46604",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-02-02T13:15:09.557",
"lastModified": "2024-11-21T07:30:48.780",
"lastModified": "2025-03-27T14:15:19.900",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-434"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [

12
CVE-2022/CVE-2022-469xx/CVE-2022-46965.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-46965",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-02-02T12:15:09.133",
"lastModified": "2024-11-21T07:31:20.900",
"lastModified": "2025-03-27T14:15:20.163",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -65,6 +65,16 @@
"value": "CWE-89"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [

36
CVE-2022/CVE-2022-480xx/CVE-2022-48079.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-48079",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-02-02T21:22:45.907",
"lastModified": "2024-11-21T07:32:48.740",
"lastModified": "2025-03-27T14:15:20.347",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "NVD-CWE-Other"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
@ -94,6 +124,10 @@
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://blog.luckysix.cc/2022/12/22/CVE-2022-48079--%E6%A2%A6%E5%A5%88%E5%AE%9D%E5%A1%94%E4%B8%BB%E6%9C%BA%E7%B3%BB%E7%BB%9FRCE/",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

4
CVE-2023/CVE-2023-209xx/CVE-2023-20963.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-20963",
"sourceIdentifier": "security@android.com",
"published": "2023-03-24T20:15:10.010",
"lastModified": "2025-01-28T22:15:13.970",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-27T14:08:34.390",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{

22
CVE-2023/CVE-2023-238xx/CVE-2023-23846.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-23846",
"sourceIdentifier": "disclosure@synopsys.com",
"published": "2023-02-01T03:15:08.593",
"lastModified": "2024-11-21T07:46:56.763",
"lastModified": "2025-03-27T14:15:20.553",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},

24
CVE-2023/CVE-2023-249xx/CVE-2023-24977.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-24977",
"sourceIdentifier": "security@apache.org",
"published": "2023-02-01T10:15:10.197",
"lastModified": "2024-11-21T07:48:51.770",
"lastModified": "2025-03-27T14:15:20.807",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,13 +32,33 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",

4
CVE-2023/CVE-2023-295xx/CVE-2023-29552.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29552",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-25T16:15:09.537",
"lastModified": "2025-01-28T22:15:14.983",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-27T14:08:54.180",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{

8
CVE-2023/CVE-2023-396xx/CVE-2023-39612.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39612",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-16T01:15:07.397",
"lastModified": "2024-11-21T08:15:42.413",
"vulnStatus": "Modified",
"lastModified": "2025-03-27T14:42:46.480",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,8 +61,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:filebrowser:filebrowser:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.23.0",
"matchCriteriaId": "B368F96D-05ED-446B-BA42-68FC7F8A2269"
"versionEndExcluding": "2.25.0",
"matchCriteriaId": "A852509B-2F30-4D6E-8B86-843CB3B721C8"
}
]
}

76
CVE-2023/CVE-2023-458xx/CVE-2023-45860.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45860",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-16T10:15:08.080",
"lastModified": "2024-11-21T08:27:30.327",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-27T14:24:47.243",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,22 +71,66 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.1.7",
"matchCriteriaId": "28E1EBD6-4B88-42FB-9152-D7A13D08FF60"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.2.0",
"versionEndExcluding": "5.2.5",
"matchCriteriaId": "46B51F89-569F-415E-A84E-CF8240D57D2A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.3.0",
"versionEndExcluding": "5.3.5",
"matchCriteriaId": "0BAF02F2-6A4D-40D1-AFBB-F152327FECE7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/hazelcast/hazelcast/pull/25348",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/hazelcast/hazelcast/security/advisories/GHSA-8h4x-xvjp-vf99",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/hazelcast/hazelcast/pull/25348",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/hazelcast/hazelcast/security/advisories/GHSA-8h4x-xvjp-vf99",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

88
CVE-2023/CVE-2023-470xx/CVE-2023-47038.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47038",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-18T14:15:08.933",
"lastModified": "2024-11-21T08:29:38.927",
"vulnStatus": "Modified",
"lastModified": "2025-03-27T14:42:34.873",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -83,7 +83,6 @@
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -91,24 +90,55 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:perl:perl:5.34.0:*:*:*:*:*:*:*",
"matchCriteriaId": "82B3613F-2A8D-4A56-B638-D1B99AE318F8"
"criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.30.0",
"versionEndIncluding": "5.38.0",
"matchCriteriaId": "B51B53EA-B6C9-4B23-AEE4-F365D857C625"
}
]
},
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": false,
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_aus:9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "971CFA68-0667-40A0-81B0-51345AF8C1D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B03506D7-0FCD-47B7-90F6-DDEEB5C5A733"
}
]
}
@ -118,17 +148,24 @@
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:2228",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:3128",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-47038",
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
"Third Party Advisory",
"Broken Link"
]
},
{
@ -143,22 +180,30 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249523",
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:2228",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:3128",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-47038",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
"Third Party Advisory",
"Broken Link"
]
},
{
@ -173,16 +218,23 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249523",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNEEWAACXQCEEAKSG7XX2D5YDRWLCIZJ/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://perldoc.perl.org/perl5382delta#CVE-2023-47038-Write-past-buffer-end-via-illegal-user-defined-Unicode-property",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

109
CVE-2024/CVE-2024-15xx/CVE-2024-1546.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1546",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-02-20T14:15:08.477",
"lastModified": "2024-11-21T08:50:47.790",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-27T14:35:06.873",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,54 +51,135 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*",
"versionEndExcluding": "115.8.0",
"matchCriteriaId": "355C0EEB-8EF2-4464-BDD4-7616AA6A65FA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*",
"versionEndExcluding": "123.0",
"matchCriteriaId": "DD7E737F-745F-4A07-B4E3-B51D2DB6C96F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.8.0",
"matchCriteriaId": "7380CBFA-8328-4F35-AE4F-46482C77BEF6"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1843752",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-05/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-06/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-07/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1843752",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-05/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-06/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-07/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

121
CVE-2024/CVE-2024-15xx/CVE-2024-1548.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1548",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-02-20T14:15:08.603",
"lastModified": "2024-11-21T08:50:48.107",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-27T14:36:57.067",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,54 +39,147 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*",
"versionEndExcluding": "115.8.0",
"matchCriteriaId": "355C0EEB-8EF2-4464-BDD4-7616AA6A65FA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*",
"versionEndExcluding": "123.0",
"matchCriteriaId": "DD7E737F-745F-4A07-B4E3-B51D2DB6C96F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.8.0",
"matchCriteriaId": "7380CBFA-8328-4F35-AE4F-46482C77BEF6"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1832627",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-05/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-06/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-07/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1832627",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-05/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-06/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-07/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

121
CVE-2024/CVE-2024-15xx/CVE-2024-1549.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1549",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-02-20T14:15:08.683",
"lastModified": "2024-11-21T08:50:48.297",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-27T14:37:40.907",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,54 +39,147 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*",
"versionEndExcluding": "115.8.0",
"matchCriteriaId": "355C0EEB-8EF2-4464-BDD4-7616AA6A65FA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*",
"versionEndExcluding": "123.0",
"matchCriteriaId": "DD7E737F-745F-4A07-B4E3-B51D2DB6C96F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.8.0",
"matchCriteriaId": "7380CBFA-8328-4F35-AE4F-46482C77BEF6"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1833814",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-05/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-06/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-07/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1833814",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-05/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-06/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-07/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

109
CVE-2024/CVE-2024-15xx/CVE-2024-1553.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1553",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-02-20T14:15:08.903",
"lastModified": "2025-03-13T15:15:40.347",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-27T14:39:22.487",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,54 +51,135 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*",
"versionEndExcluding": "115.8.0",
"matchCriteriaId": "355C0EEB-8EF2-4464-BDD4-7616AA6A65FA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*",
"versionEndExcluding": "123.0",
"matchCriteriaId": "DD7E737F-745F-4A07-B4E3-B51D2DB6C96F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.8.0",
"matchCriteriaId": "7380CBFA-8328-4F35-AE4F-46482C77BEF6"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1855686%2C1867982%2C1871498%2C1872296%2C1873521%2C1873577%2C1873597%2C1873866%2C1874080%2C1874740%2C1875795%2C1875906%2C1876425%2C1878211%2C1878286",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-05/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-06/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-07/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1855686%2C1867982%2C1871498%2C1872296%2C1873521%2C1873577%2C1873597%2C1873866%2C1874080%2C1874740%2C1875795%2C1875906%2C1876425%2C1878211%2C1878286",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-05/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-06/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-07/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

42
CVE-2024/CVE-2024-15xx/CVE-2024-1555.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1555",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-02-20T14:15:09.007",
"lastModified": "2024-11-21T08:50:49.350",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-27T14:39:50.603",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,22 +51,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "123.0",
"matchCriteriaId": "53EFE715-439C-4051-A17B-07581FB5B486"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1873223",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-05/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1873223",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-05/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

42
CVE-2024/CVE-2024-15xx/CVE-2024-1556.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1556",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-02-20T14:15:09.053",
"lastModified": "2024-11-21T08:50:49.550",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-27T14:40:12.433",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,22 +51,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "123.0",
"matchCriteriaId": "53EFE715-439C-4051-A17B-07581FB5B486"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1870414",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-05/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1870414",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-05/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

52
CVE-2024/CVE-2024-209xx/CVE-2024-20905.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20905",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-02-17T02:15:45.637",
"lastModified": "2024-11-21T08:53:24.207",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-27T14:28:16.263",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"baseScore": 2.7,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
}
]
},
@ -51,14 +71,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.2.8.0",
"matchCriteriaId": "F7B28AAE-25BE-4768-8981-4296D2EBD68D"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

52
CVE-2024/CVE-2024-250xx/CVE-2024-25083.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-25083",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-16T21:15:08.260",
"lastModified": "2024-11-21T09:00:13.020",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-27T14:26:40.907",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.0,
"impactScore": 5.2
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -51,14 +71,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:beyondtrust:privilege_management_for_windows:*:*:*:*:*:*:*:*",
"versionEndExcluding": "24.1",
"matchCriteriaId": "CCA4D726-9CA4-40F5-8779-2DDE3E39B9CB"
}
]
}
]
}
],
"references": [
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-01",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-01",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

33
CVE-2024/CVE-2024-253xx/CVE-2024-25399.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-25399",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-27T16:15:46.477",
"lastModified": "2024-11-21T09:00:44.720",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-27T14:55:13.720",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,14 +51,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intelliants:subrion_cms:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1964CC54-4FD5-44DF-A183-0538C48EA988"
}
]
}
]
}
],
"references": [
{
"url": "https://cwe.mitre.org/data/definitions/79",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Technical Description",
"Not Applicable"
]
},
{
"url": "https://cwe.mitre.org/data/definitions/79",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Not Applicable"
]
}
]
}

62
CVE-2024/CVE-2024-254xx/CVE-2024-25466.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-25466",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-16T09:15:08.663",
"lastModified": "2024-11-21T09:00:51.330",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-27T14:12:47.357",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,22 +71,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:react-native-documents:document_picker:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.1.1",
"matchCriteriaId": "5FBF398C-2DB2-4D3C-8032-71F1C6365495"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/FixedOctocat/CVE-2024-25466/tree/main",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/rnmods/react-native-document-picker/blob/0be5a70c3b456e35c2454aaf4dc8c2d40eb2ab47/android/src/main/java/com/reactnativedocumentpicker/RNDocumentPickerModule.java",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/FixedOctocat/CVE-2024-25466/tree/main",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/rnmods/react-native-document-picker/blob/0be5a70c3b456e35c2454aaf4dc8c2d40eb2ab47/android/src/main/java/com/reactnativedocumentpicker/RNDocumentPickerModule.java",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
}
]
}

42
CVE-2024/CVE-2024-262xx/CVE-2024-26281.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26281",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-02-22T15:15:08.633",
"lastModified": "2024-11-21T09:02:17.870",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-27T14:45:24.283",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,22 +51,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "123.0",
"matchCriteriaId": "8893CD2B-7E6A-4E69-B6F9-CEC7A54D8F22"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1868005",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-08/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1868005",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-08/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

42
CVE-2024/CVE-2024-262xx/CVE-2024-26282.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26282",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-02-22T15:15:08.683",
"lastModified": "2025-03-13T17:15:29.817",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-27T14:46:21.830",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,22 +51,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "123.0",
"matchCriteriaId": "8893CD2B-7E6A-4E69-B6F9-CEC7A54D8F22"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1863788",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-08/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1863788",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-08/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

42
CVE-2024/CVE-2024-262xx/CVE-2024-26283.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26283",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-02-22T15:15:08.730",
"lastModified": "2024-11-21T09:02:18.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-27T14:46:58.613",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,22 +51,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "123.0",
"matchCriteriaId": "8893CD2B-7E6A-4E69-B6F9-CEC7A54D8F22"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1850158",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-08/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1850158",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-08/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

89
CVE-2024/CVE-2024-500xx/CVE-2024-50053.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-50053",
"sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02",
"published": "2025-03-21T06:15:25.003",
"lastModified": "2025-03-21T06:15:25.003",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-27T13:10:43.443",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.1,
"impactScore": 4.2
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
@ -49,12 +69,75 @@
"value": "CWE-79"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.9",
"matchCriteriaId": "ECE2FE6F-AC4D-49DB-A36A-8C76B77F0079"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.9:*:*:*:*:*:*:*",
"matchCriteriaId": "859CA019-8026-4178-9A31-0651A853D4E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.9:14910:*:*:*:*:*:*",
"matchCriteriaId": "BC9B5C66-E0DF-44FE-A900-A3721AF4F95D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.9",
"matchCriteriaId": "45A0B773-D293-47CA-84A4-E4918F138C3F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.9:14900:*:*:*:*:*:*",
"matchCriteriaId": "4B2B72D2-5FD7-4C7F-BE3F-CDA5064E025A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcentre_plus:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.9",
"matchCriteriaId": "7360E194-C0E4-4870-BCC1-F8E0C05E8649"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcentre_plus:14.9:14900:*:*:*:*:*:*",
"matchCriteriaId": "233B7D2B-B6A8-492B-9CB6-837C03F8355E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.manageengine.com/products/service-desk/CVE-2024-50053.html",
"source": "0fc0942c-577d-436f-ae8e-945763c79b02"
"source": "0fc0942c-577d-436f-ae8e-945763c79b02",
"tags": [
"Vendor Advisory"
]
}
]
}

43
CVE-2024/CVE-2024-559xx/CVE-2024-55963.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-55963",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-26T20:15:21.253",
"lastModified": "2025-03-26T20:15:21.253",
"lastModified": "2025-03-27T14:15:21.297",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Appsmith before 1.51. A user on Appsmith that doesn't have admin permissions can trigger the restart API on Appsmith, causing a server restart. This is still within the Appsmith container, and the impact is limited to Appsmith's own server only, but there is a denial of service because it can be continually restarted. This is due to incorrect access control checks, which should check for super user permissions on the incoming request."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Appsmith antes de la versi\u00f3n 1.51. Un usuario de Appsmith sin permisos de administrador puede activar la API de reinicio, lo que provoca el reinicio del servidor. Esto ocurre dentro del contenedor de Appsmith y el impacto se limita a su propio servidor, pero se produce una denegaci\u00f3n de servicio porque puede reiniciarse continuamente. Esto se debe a comprobaciones de control de acceso incorrectas, que deber\u00edan verificar los permisos de superusuario en la solicitud entrante."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/appsmithorg/appsmith/security/advisories/GHSA-6mc8-hw5c-7qqr",

43
CVE-2024/CVE-2024-559xx/CVE-2024-55964.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-55964",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-26T20:15:21.373",
"lastModified": "2025-03-26T20:15:21.373",
"lastModified": "2025-03-27T14:15:21.467",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. The attacker must be able to access Appsmith, login to it, create a datasource, create a query against that datasource, and execute that query."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Appsmith antes de la versi\u00f3n 1.52. Una instancia de PostgreSQL configurada incorrectamente en la imagen de Appsmith provoca la ejecuci\u00f3n remota de comandos dentro del contenedor Docker de Appsmith. El atacante debe poder acceder a Appsmith, iniciar sesi\u00f3n, crear una fuente de datos, crear una consulta en dicha fuente y ejecutarla."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/appsmithorg/appsmith/security/advisories/GHSA-m95x-4w54-gc83",

43
CVE-2024/CVE-2024-559xx/CVE-2024-55965.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-55965",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-26T21:15:23.063",
"lastModified": "2025-03-26T21:15:23.063",
"lastModified": "2025-03-27T14:15:21.633",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Appsmith before 1.51. Users invited as \"App Viewer\" incorrectly have access to development information of a workspace (specifically, a list of datasources in a workspace they're a member of). This information disclosure does not expose sensitive data in the datasources, such as database passwords and API Keys."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Appsmith antes de la versi\u00f3n 1.51. Los usuarios invitados como \"Visores de la aplicaci\u00f3n\" tienen acceso incorrecto a la informaci\u00f3n de desarrollo de un espacio de trabajo (en concreto, a la lista de fuentes de datos del espacio de trabajo del que son miembros). Esta divulgaci\u00f3n de informaci\u00f3n no expone datos confidenciales de las fuentes de datos, como contrase\u00f1as de bases de datos y claves API."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/appsmithorg/appsmith/security/advisories/GHSA-794x-gm8v-2wj6",

64
CVE-2024/CVE-2024-97xx/CVE-2024-9773.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-9773",
"sourceIdentifier": "cve@gitlab.com",
"published": "2025-03-27T13:15:35.523",
"lastModified": "2025-03-27T13:15:35.523",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in GitLab EE affecting all versions starting from 14.9 before 17.8.6, all versions starting from 17.9 before 17.8.3, all versions starting from 17.10 before 17.10.1. An input validation issue in the Harbor registry integration could have allowed a maintainer to add malicious code to the CLI commands shown in the UI."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en GitLab EE que afectaba a todas las versiones (desde la 14.9 hasta la 17.8.6), a todas las versiones (desde la 17.9 hasta la 17.8.3) y a todas las versiones (desde la 17.10 hasta la 17.10.1). Un problema de validaci\u00f3n de entrada en la integraci\u00f3n del registro Harbor podr\u00eda haber permitido que un responsable a\u00f1adiera c\u00f3digo malicioso a los comandos CLI mostrados en la interfaz de usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 3.7,
"baseSeverity": "LOW",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 0.6,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "cve@gitlab.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/498557",
"source": "cve@gitlab.com"
},
{
"url": "https://hackerone.com/reports/2671808",
"source": "cve@gitlab.com"
}
]
}

64
CVE-2025/CVE-2025-08xx/CVE-2025-0811.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2025-0811",
"sourceIdentifier": "cve@gitlab.com",
"published": "2025-03-27T13:15:36.237",
"lastModified": "2025-03-27T13:15:36.237",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Improper rendering of certain file types leads to cross-site scripting."
},
{
"lang": "es",
"value": "Se ha detectado un problema en GitLab CE/EE que afecta a todas las versiones (desde la 17.7 hasta la 17.8.6), la 17.9 hasta la 17.9.3 y la 17.10 hasta la 17.10.1. La representaci\u00f3n incorrecta de ciertos tipos de archivos provoca cross-site scripting. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 5.8
}
]
},
"weaknesses": [
{
"source": "cve@gitlab.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/515566",
"source": "cve@gitlab.com"
},
{
"url": "https://hackerone.com/reports/2961854",
"source": "cve@gitlab.com"
}
]
}

4
CVE-2025/CVE-2025-08xx/CVE-2025-0858.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2025-0858",
"sourceIdentifier": "hp-security-alert@hp.com",
"published": "2025-02-05T15:15:21.580",
"lastModified": "2025-02-05T15:15:21.580",
"lastModified": "2025-03-27T14:15:21.803",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was discovered in the firmware builds up to 8.2.1.0820 in Poly Edge E devices. The firmware flaw does not properly prevent path traversal and could lead to information disclosure."
"value": "A vulnerability was discovered in the firmware builds up to 8.2.1.0820 in certain Poly devices. The firmware flaw does not properly prevent path traversal and could lead to information disclosure."
},
{
"lang": "es",

88
CVE-2025/CVE-2025-217xx/CVE-2025-21740.json
View File

@ -2,93 +2,15 @@
"id": "CVE-2025-21740",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-27T03:15:14.630",
"lastModified": "2025-03-06T12:24:01.117",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-27T14:15:22.250",
"vulnStatus": "Rejected",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86/mmu: Ensure NX huge page recovery thread is alive before waking\n\nWhen waking a VM's NX huge page recovery thread, ensure the thread is\nactually alive before trying to wake it. Now that the thread is spawned\non-demand during KVM_RUN, a VM without a recovery thread is reachable via\nthe related module params.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000040\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n RIP: 0010:vhost_task_wake+0x5/0x10\n Call Trace:\n <TASK>\n set_nx_huge_pages+0xcc/0x1e0 [kvm]\n param_attr_store+0x8a/0xd0\n module_attr_store+0x1a/0x30\n kernfs_fop_write_iter+0x12f/0x1e0\n vfs_write+0x233/0x3e0\n ksys_write+0x60/0xd0\n do_syscall_64+0x5b/0x160\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n RIP: 0033:0x7f3b52710104\n </TASK>\n Modules linked in: kvm_intel kvm\n CR2: 0000000000000040"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KVM: x86/mmu: Aseg\u00farese de que el subproceso de recuperaci\u00f3n de p\u00e1ginas enormes de NX est\u00e9 activo antes de reactivarlo. Al reactivar el subproceso de recuperaci\u00f3n de p\u00e1ginas enormes de NX de una m\u00e1quina virtual, aseg\u00farese de que el subproceso est\u00e9 realmente activo antes de intentar reactivarlo. Ahora que el subproceso se genera a pedido durante KVM_RUN, se puede acceder a una m\u00e1quina virtual sin un subproceso de recuperaci\u00f3n a trav\u00e9s de los par\u00e1metros del m\u00f3dulo relacionado. ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 0000000000000040 #PF: acceso de lectura del supervisor en modo kernel #PF: error_code(0x0000) - p\u00e1gina no presente Nombre del hardware: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 RIP: 0010:vhost_task_wake+0x5/0x10 Rastreo de llamadas: set_nx_huge_pages+0xcc/0x1e0 [kvm] param_attr_store+0x8a/0xd0 module_attr_store+0x1a/0x30 kernfs_fop_write_iter+0x12f/0x1e0 vfs_write+0x233/0x3e0 ksys_write+0x60/0xd0 do_syscall_64+0x5b/0x160 entry_SYSCALL_64_after_hwframe+0x4b/0x53 RIP: 0033:0x7f3b52710104 M\u00f3dulos vinculados en: kvm_intel kvm CR2: 000000000000040"
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*",
"matchCriteriaId": "186716B6-2B66-4BD0-852E-D48E71C0C85F"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/2b3928b7c896e5a9fb6b1373924adafe8e01a0c6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/43fb96ae78551d7bfa4ecca956b258f085d67c40",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/974f85f1f7eb7dc7fce0988046e06eeccab576a7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
"metrics": {},
"references": []
}

112
CVE-2025/CVE-2025-217xx/CVE-2025-21755.json
View File

@ -2,117 +2,15 @@
"id": "CVE-2025-21755",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-27T03:15:16.150",
"lastModified": "2025-03-13T13:15:52.260",
"vulnStatus": "Modified",
"lastModified": "2025-03-27T14:15:42.423",
"vulnStatus": "Rejected",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Orphan socket after transport release\n\nDuring socket release, sock_orphan() is called without considering that it\nsets sk->sk_wq to NULL. Later, if SO_LINGER is enabled, this leads to a\nnull pointer dereferenced in virtio_transport_wait_close().\n\nOrphan the socket only after transport release.\n\nPartially reverts the 'Fixes:' commit.\n\nKASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]\n lock_acquire+0x19e/0x500\n _raw_spin_lock_irqsave+0x47/0x70\n add_wait_queue+0x46/0x230\n virtio_transport_release+0x4e7/0x7f0\n __vsock_release+0xfd/0x490\n vsock_release+0x90/0x120\n __sock_release+0xa3/0x250\n sock_close+0x14/0x20\n __fput+0x35e/0xa90\n __x64_sys_close+0x78/0xd0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: vsock: socket hu\u00e9rfano despu\u00e9s de la liberaci\u00f3n del transporte Durante la liberaci\u00f3n del socket, se llama a sock_orphan() sin tener en cuenta que establece sk-&gt;sk_wq en NULL. M\u00e1s tarde, si se habilita SO_LINGER, esto conduce a un puntero nulo desreferenciado en virtio_transport_wait_close(). Deja hu\u00e9rfano el socket solo despu\u00e9s de la liberaci\u00f3n del transporte. Revierte parcialmente el commit 'Fixes:'. KASAN: desreferencia de punto nulo en el rango [0x0000000000000018-0x0000000000000001f] lock_acquire+0x19e/0x500 _raw_spin_lock_irqsave+0x47/0x70 add_wait_queue+0x46/0x230 virtio_transport_release+0x4e7/0x7f0 __vsock_release+0xfd/0x490 vsock_release+0x90/0x120 __sock_release+0xa3/0x250 sock_close+0x14/0x20 __fput+0x35e/0xa90 __x64_sys_close+0x78/0xd0 do_syscall_64+0x93/0x1b0 entry_SYSCALL_64_after_hwframe+0x76/0x7e"
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*",
"matchCriteriaId": "186716B6-2B66-4BD0-852E-D48E71C0C85F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0D3E781C-403A-498F-9DA9-ECEE50F41E75"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/3a866f8376f0a5c848dcb59cd26df845fffbe6d8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/631e00fdac7acca676103d6cbc96eb152625f449",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/78dafe1cf3afa02ed71084b350713b07e72a18fb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/94d81870eec7ad2dd7af80bffd314ded26caea1a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bab61f41c942a20ef7b4feea50e9d36d19ad1a26",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c6acb650a73d5705a93b9c5a2cd5e9c8161f0be3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f3b8e9d3414b2eb083d8293be25a949fe480897b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
"metrics": {},
"references": []
}

37
CVE-2025/CVE-2025-218xx/CVE-2025-21867.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2025-21867",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-03-27T14:15:47.750",
"lastModified": "2025-03-27T14:15:47.750",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, test_run: Fix use-after-free issue in eth_skb_pkt_type()\n\nKMSAN reported a use-after-free issue in eth_skb_pkt_type()[1]. The\ncause of the issue was that eth_skb_pkt_type() accessed skb's data\nthat didn't contain an Ethernet header. This occurs when\nbpf_prog_test_run_xdp() passes an invalid value as the user_data\nargument to bpf_test_init().\n\nFix this by returning an error when user_data is less than ETH_HLEN in\nbpf_test_init(). Additionally, remove the check for \"if (user_size >\nsize)\" as it is unnecessary.\n\n[1]\nBUG: KMSAN: use-after-free in eth_skb_pkt_type include/linux/etherdevice.h:627 [inline]\nBUG: KMSAN: use-after-free in eth_type_trans+0x4ee/0x980 net/ethernet/eth.c:165\n eth_skb_pkt_type include/linux/etherdevice.h:627 [inline]\n eth_type_trans+0x4ee/0x980 net/ethernet/eth.c:165\n __xdp_build_skb_from_frame+0x5a8/0xa50 net/core/xdp.c:635\n xdp_recv_frames net/bpf/test_run.c:272 [inline]\n xdp_test_run_batch net/bpf/test_run.c:361 [inline]\n bpf_test_run_xdp_live+0x2954/0x3330 net/bpf/test_run.c:390\n bpf_prog_test_run_xdp+0x148e/0x1b10 net/bpf/test_run.c:1318\n bpf_prog_test_run+0x5b7/0xa30 kernel/bpf/syscall.c:4371\n __sys_bpf+0x6a6/0xe20 kernel/bpf/syscall.c:5777\n __do_sys_bpf kernel/bpf/syscall.c:5866 [inline]\n __se_sys_bpf kernel/bpf/syscall.c:5864 [inline]\n __x64_sys_bpf+0xa4/0xf0 kernel/bpf/syscall.c:5864\n x64_sys_call+0x2ea0/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:322\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n free_pages_prepare mm/page_alloc.c:1056 [inline]\n free_unref_page+0x156/0x1320 mm/page_alloc.c:2657\n __free_pages+0xa3/0x1b0 mm/page_alloc.c:4838\n bpf_ringbuf_free kernel/bpf/ringbuf.c:226 [inline]\n ringbuf_map_free+0xff/0x1e0 kernel/bpf/ringbuf.c:235\n bpf_map_free kernel/bpf/syscall.c:838 [inline]\n bpf_map_free_deferred+0x17c/0x310 kernel/bpf/syscall.c:862\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa2b/0x1b60 kernel/workqueue.c:3310\n worker_thread+0xedf/0x1550 kernel/workqueue.c:3391\n kthread+0x535/0x6b0 kernel/kthread.c:389\n ret_from_fork+0x6e/0x90 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\nCPU: 1 UID: 0 PID: 17276 Comm: syz.1.16450 Not tainted 6.12.0-05490-g9bb88c659673 #8\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1a9e1284e87d59b1303b69d1808d310821d6e5f7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6b3d638ca897e099fa99bd6d02189d3176f80a47",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/972bafed67ca73ad9a56448384281eb5fd5c0ba3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d56d8a23d95100b65f40438639dd82db2af81c11",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f615fccfc689cb48977d275ac2e391297b52392b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2025/CVE-2025-218xx/CVE-2025-21868.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2025-21868",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-03-27T14:15:47.873",
"lastModified": "2025-03-27T14:15:47.873",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: allow small head cache usage with large MAX_SKB_FRAGS values\n\nSabrina reported the following splat:\n\n WARNING: CPU: 0 PID: 1 at net/core/dev.c:6935 netif_napi_add_weight_locked+0x8f2/0xba0\n Modules linked in:\n CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.14.0-rc1-net-00092-g011b03359038 #996\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\n RIP: 0010:netif_napi_add_weight_locked+0x8f2/0xba0\n Code: e8 c3 e6 6a fe 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc c7 44 24 10 ff ff ff ff e9 8f fb ff ff e8 9e e6 6a fe <0f> 0b e9 d3 fe ff ff e8 92 e6 6a fe 48 8b 04 24 be ff ff ff ff 48\n RSP: 0000:ffffc9000001fc60 EFLAGS: 00010293\n RAX: 0000000000000000 RBX: ffff88806ce48128 RCX: 1ffff11001664b9e\n RDX: ffff888008f00040 RSI: ffffffff8317ca42 RDI: ffff88800b325cb6\n RBP: ffff88800b325c40 R08: 0000000000000001 R09: ffffed100167502c\n R10: ffff88800b3a8163 R11: 0000000000000000 R12: ffff88800ac1c168\n R13: ffff88800ac1c168 R14: ffff88800ac1c168 R15: 0000000000000007\n FS: 0000000000000000(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: ffff888008201000 CR3: 0000000004c94001 CR4: 0000000000370ef0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n <TASK>\n gro_cells_init+0x1ba/0x270\n xfrm_input_init+0x4b/0x2a0\n xfrm_init+0x38/0x50\n ip_rt_init+0x2d7/0x350\n ip_init+0xf/0x20\n inet_init+0x406/0x590\n do_one_initcall+0x9d/0x2e0\n do_initcalls+0x23b/0x280\n kernel_init_freeable+0x445/0x490\n kernel_init+0x20/0x1d0\n ret_from_fork+0x46/0x80\n ret_from_fork_asm+0x1a/0x30\n </TASK>\n irq event stamp: 584330\n hardirqs last enabled at (584338): [<ffffffff8168bf87>] __up_console_sem+0x77/0xb0\n hardirqs last disabled at (584345): [<ffffffff8168bf6c>] __up_console_sem+0x5c/0xb0\n softirqs last enabled at (583242): [<ffffffff833ee96d>] netlink_insert+0x14d/0x470\n softirqs last disabled at (583754): [<ffffffff8317c8cd>] netif_napi_add_weight_locked+0x77d/0xba0\n\non kernel built with MAX_SKB_FRAGS=45, where SKB_WITH_OVERHEAD(1024)\nis smaller than GRO_MAX_HEAD.\n\nSuch built additionally contains the revert of the single page frag cache\nso that napi_get_frags() ends up using the page frag allocator, triggering\nthe splat.\n\nNote that the underlying issue is independent from the mentioned\nrevert; address it ensuring that the small head cache will fit either TCP\nand GRO allocation and updating napi_alloc_skb() and __netdev_alloc_skb()\nto select kmalloc() usage for any allocation fitting such cache."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/14ad6ed30a10afbe91b0749d6378285f4225d482",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/648e440c98e260dec835e48a5d7a9993477b1f9d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ed0ca7d2127c63991cfaf1932b827e3f4f8ee480",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2025/CVE-2025-218xx/CVE-2025-21869.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2025-21869",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-03-27T14:15:48.247",
"lastModified": "2025-03-27T14:15:48.247",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/code-patching: Disable KASAN report during patching via temporary mm\n\nErhard reports the following KASAN hit on Talos II (power9) with kernel 6.13:\n\n[ 12.028126] ==================================================================\n[ 12.028198] BUG: KASAN: user-memory-access in copy_to_kernel_nofault+0x8c/0x1a0\n[ 12.028260] Write of size 8 at addr 0000187e458f2000 by task systemd/1\n\n[ 12.028346] CPU: 87 UID: 0 PID: 1 Comm: systemd Tainted: G T 6.13.0-P9-dirty #3\n[ 12.028408] Tainted: [T]=RANDSTRUCT\n[ 12.028446] Hardware name: T2P9D01 REV 1.01 POWER9 0x4e1202 opal:skiboot-bc106a0 PowerNV\n[ 12.028500] Call Trace:\n[ 12.028536] [c000000008dbf3b0] [c000000001656a48] dump_stack_lvl+0xbc/0x110 (unreliable)\n[ 12.028609] [c000000008dbf3f0] [c0000000006e2fc8] print_report+0x6b0/0x708\n[ 12.028666] [c000000008dbf4e0] [c0000000006e2454] kasan_report+0x164/0x300\n[ 12.028725] [c000000008dbf600] [c0000000006e54d4] kasan_check_range+0x314/0x370\n[ 12.028784] [c000000008dbf640] [c0000000006e6310] __kasan_check_write+0x20/0x40\n[ 12.028842] [c000000008dbf660] [c000000000578e8c] copy_to_kernel_nofault+0x8c/0x1a0\n[ 12.028902] [c000000008dbf6a0] [c0000000000acfe4] __patch_instructions+0x194/0x210\n[ 12.028965] [c000000008dbf6e0] [c0000000000ade80] patch_instructions+0x150/0x590\n[ 12.029026] [c000000008dbf7c0] [c0000000001159bc] bpf_arch_text_copy+0x6c/0xe0\n[ 12.029085] [c000000008dbf800] [c000000000424250] bpf_jit_binary_pack_finalize+0x40/0xc0\n[ 12.029147] [c000000008dbf830] [c000000000115dec] bpf_int_jit_compile+0x3bc/0x930\n[ 12.029206] [c000000008dbf990] [c000000000423720] bpf_prog_select_runtime+0x1f0/0x280\n[ 12.029266] [c000000008dbfa00] [c000000000434b18] bpf_prog_load+0xbb8/0x1370\n[ 12.029324] [c000000008dbfb70] [c000000000436ebc] __sys_bpf+0x5ac/0x2e00\n[ 12.029379] [c000000008dbfd00] [c00000000043a228] sys_bpf+0x28/0x40\n[ 12.029435] [c000000008dbfd20] [c000000000038eb4] system_call_exception+0x334/0x610\n[ 12.029497] [c000000008dbfe50] [c00000000000c270] system_call_vectored_common+0xf0/0x280\n[ 12.029561] --- interrupt: 3000 at 0x3fff82f5cfa8\n[ 12.029608] NIP: 00003fff82f5cfa8 LR: 00003fff82f5cfa8 CTR: 0000000000000000\n[ 12.029660] REGS: c000000008dbfe80 TRAP: 3000 Tainted: G T (6.13.0-P9-dirty)\n[ 12.029735] MSR: 900000000280f032 <SF,HV,VEC,VSX,EE,PR,FP,ME,IR,DR,RI> CR: 42004848 XER: 00000000\n[ 12.029855] IRQMASK: 0\n GPR00: 0000000000000169 00003fffdcf789a0 00003fff83067100 0000000000000005\n GPR04: 00003fffdcf78a98 0000000000000090 0000000000000000 0000000000000008\n GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000\n GPR12: 0000000000000000 00003fff836ff7e0 c000000000010678 0000000000000000\n GPR16: 0000000000000000 0000000000000000 00003fffdcf78f28 00003fffdcf78f90\n GPR20: 0000000000000000 0000000000000000 0000000000000000 00003fffdcf78f80\n GPR24: 00003fffdcf78f70 00003fffdcf78d10 00003fff835c7239 00003fffdcf78bd8\n GPR28: 00003fffdcf78a98 0000000000000000 0000000000000000 000000011f547580\n[ 12.030316] NIP [00003fff82f5cfa8] 0x3fff82f5cfa8\n[ 12.030361] LR [00003fff82f5cfa8] 0x3fff82f5cfa8\n[ 12.030405] --- interrupt: 3000\n[ 12.030444] ==================================================================\n\nCommit c28c15b6d28a (\"powerpc/code-patching: Use temporary mm for\nRadix MMU\") is inspired from x86 but unlike x86 is doesn't disable\nKASAN reports during patching. This wasn't a problem at the begining\nbecause __patch_mem() is not instrumented.\n\nCommit 465cabc97b42 (\"powerpc/code-patching: introduce\npatch_instructions()\") use copy_to_kernel_nofault() to copy several\ninstructions at once. But when using temporary mm the destination is\nnot regular kernel memory but a kind of kernel-like memory located\nin user address space. \n---truncated---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/5980d4456dd66d1b6505d5ec15048bd87e8775e0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dc9c5166c3cb044f8a001e397195242fd6796eee",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ea291447a4031f3dac5c23d55bc83fe833820d84",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2025/CVE-2025-218xx/CVE-2025-21870.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2025-21870",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-03-27T14:15:48.543",
"lastModified": "2025-03-27T14:15:48.543",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers\n\nOther, non DAI copier widgets could have the same stream name (sname) as\nthe ALH copier and in that case the copier->data is NULL, no alh_data is\nattached, which could lead to NULL pointer dereference.\nWe could check for this NULL pointer in sof_ipc4_prepare_copier_module()\nand avoid the crash, but a similar loop in sof_ipc4_widget_setup_comp_dai()\nwill miscalculate the ALH device count, causing broken audio.\n\nThe correct fix is to harden the matching logic by making sure that the\n1. widget is a DAI widget - so dai = w->private is valid\n2. the dai (and thus the copier) is ALH copier"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/6fd60136d256b3b948333ebdb3835f41a95ab7ef",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/87c8768a96092ce75cd47fe076db5080db7ac515",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/93c6c2e5801aab09ef1ef99f248f3cd323c3f152",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2025/CVE-2025-218xx/CVE-2025-21871.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2025-21871",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-03-27T14:15:48.860",
"lastModified": "2025-03-27T14:15:48.860",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntee: optee: Fix supplicant wait loop\n\nOP-TEE supplicant is a user-space daemon and it's possible for it\nbe hung or crashed or killed in the middle of processing an OP-TEE\nRPC call. It becomes more complicated when there is incorrect shutdown\nordering of the supplicant process vs the OP-TEE client application which\ncan eventually lead to system hang-up waiting for the closure of the\nclient application.\n\nAllow the client process waiting in kernel for supplicant response to\nbe killed rather than indefinitely waiting in an unkillable state. Also,\na normal uninterruptible wait should not have resulted in the hung-task\nwatchdog getting triggered, but the endless loop would.\n\nThis fixes issues observed during system reboot/shutdown when supplicant\ngot hung for some reason or gets crashed/killed which lead to client\ngetting hung in an unkillable state. It in turn lead to system being in\nhung up state requiring hard power off/on to recover."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0180cf0373f84fff61b16f8c062553a13dd7cfca",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/21234efe2a8474a6d2d01ea9573319de7858ce44",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3eb4911364c764572e9db4ab900a57689a54e8ce",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/70b0d6b0a199c5a3ee6c72f5e61681ed6f759612",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c0a9a948159153be145f9471435695373904ee6d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d61cc1a435e6894bfb0dd3370c6f765d2d12825d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ec18520f5edc20a00c34a8c9fdd6507c355e880f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fd9d2d6124c293e40797a080adf8a9c237efd8b8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

56
CVE-2025/CVE-2025-226xx/CVE-2025-22672.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-22672",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-03-27T14:15:49.080",
"lastModified": "2025-03-27T14:15:49.080",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Server-Side Request Forgery (SSRF) vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member allows Server Side Request Forgery.This issue affects Video & Photo Gallery for Ultimate Member: from n/a through 1.1.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/gallery-for-ultimate-member/vulnerability/wordpress-video-photo-gallery-for-ultimate-member-plugin-1-1-2-server-side-request-forgery-ssrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-226xx/CVE-2025-22673.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-22673",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-03-27T14:15:49.250",
"lastModified": "2025-03-27T14:15:49.250",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in WPFactory EAN for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EAN for WooCommerce: from n/a through 5.3.5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/ean-for-woocommerce/vulnerability/wordpress-ean-barcode-generator-5-3-5-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-227xx/CVE-2025-22770.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-22770",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-03-27T14:15:49.417",
"lastModified": "2025-03-27T14:15:49.417",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in EnvoThemes Envo Multipurpose allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Envo Multipurpose: from n/a through 1.1.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/theme/envo-multipurpose/vulnerability/wordpress-envo-multipurpose-theme-1-1-6-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-228xx/CVE-2025-22816.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-22816",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-03-27T14:15:49.570",
"lastModified": "2025-03-27T14:15:49.570",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeTrendy Power Mag allows DOM-Based XSS.This issue affects Power Mag: from n/a through 1.1.5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/theme/power-mag/vulnerability/wordpress-power-mag-theme-1-1-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

60
CVE-2025/CVE-2025-22xx/CVE-2025-2242.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-2242",
"sourceIdentifier": "cve@gitlab.com",
"published": "2025-03-27T13:15:36.387",
"lastModified": "2025-03-27T13:15:36.387",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability in GitLab CE/EE affecting all versions from 17.4 prior to 17.8.6, 17.9 prior to 17.9.3, and 17.10 prior to 17.10.1 allows a user who was an instance admin before but has since been downgraded to a regular user to continue to maintain elevated privileges to groups and projects."
},
{
"lang": "es",
"value": "Una vulnerabilidad de control de acceso inadecuado en GitLab CE/EE que afecta a todas las versiones desde la 17.4 anterior a la 17.8.6, la 17.9 anterior a la 17.9.3 y la 17.10 anterior a la 17.10.1 permite que un usuario que antes era administrador de instancia, pero que desde entonces ha sido degradado a usuario normal, contin\u00fae manteniendo privilegios elevados en grupos y proyectos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cve@gitlab.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/516271",
"source": "cve@gitlab.com"
}
]
}

64
CVE-2025/CVE-2025-22xx/CVE-2025-2255.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2025-2255",
"sourceIdentifier": "cve@gitlab.com",
"published": "2025-03-27T13:15:36.520",
"lastModified": "2025-03-27T13:15:36.520",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in Gitlab EE/CE for AppSec affecting all versions from 13.5.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Certain error messages could allow Cross-Site Scripting attacks (XSS). for AppSec."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Gitlab EE/CE para AppSec que afecta a todas las versiones desde la 13.5.0 hasta la 17.8.6, la 17.9 hasta la 17.9.3 y la 17.10 hasta la 17.10.1. Algunos mensajes de error podr\u00edan permitir ataques de Cross-Site Scripting (XSS) para AppSec."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 5.8
}
]
},
"weaknesses": [
{
"source": "cve@gitlab.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/524635",
"source": "cve@gitlab.com"
},
{
"url": "https://hackerone.com/reports/2994150",
"source": "cve@gitlab.com"
}
]
}

79
CVE-2025/CVE-2025-249xx/CVE-2025-24920.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-24920",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2025-03-21T09:15:12.633",
"lastModified": "2025-03-21T09:15:12.633",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-27T14:10:53.500",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
@ -49,12 +69,65 @@
"value": "CWE-863"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.11.0",
"versionEndExcluding": "9.11.9",
"matchCriteriaId": "57EEC13C-37D1-4FAA-B956-AC335CACA543"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.3.0",
"versionEndExcluding": "10.3.4",
"matchCriteriaId": "30CC0EAB-1BB6-44B7-8529-968C2D710750"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.4.0",
"versionEndExcluding": "10.4.3",
"matchCriteriaId": "F2ACE54D-3EC6-4AC9-B243-35E8FFBE0EA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.5.0",
"versionEndExcluding": "10.5.1",
"matchCriteriaId": "6E8D69BD-C81D-4B1D-BA8B-AC84DEB30208"
}
]
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
"source": "responsibledisclosure@mattermost.com",
"tags": [
"Vendor Advisory"
]
}
]
}

79
CVE-2025/CVE-2025-250xx/CVE-2025-25068.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-25068",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2025-03-21T09:15:12.817",
"lastModified": "2025-03-21T09:15:12.817",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-27T14:03:38.970",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -49,12 +69,65 @@
"value": "CWE-306"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.11.0",
"versionEndExcluding": "9.11.9",
"matchCriteriaId": "57EEC13C-37D1-4FAA-B956-AC335CACA543"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.3.0",
"versionEndExcluding": "10.3.4",
"matchCriteriaId": "30CC0EAB-1BB6-44B7-8529-968C2D710750"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.4.0",
"versionEndExcluding": "10.4.3",
"matchCriteriaId": "F2ACE54D-3EC6-4AC9-B243-35E8FFBE0EA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.5.0",
"versionEndExcluding": "10.5.1",
"matchCriteriaId": "6E8D69BD-C81D-4B1D-BA8B-AC84DEB30208"
}
]
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
"source": "responsibledisclosure@mattermost.com",
"tags": [
"Vendor Advisory"
]
}
]
}

56
CVE-2025/CVE-2025-250xx/CVE-2025-25086.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-25086",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-03-27T14:15:49.737",
"lastModified": "2025-03-27T14:15:49.737",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in WPDeveloper Secret Meta allows Reflected XSS.This issue affects Secret Meta: from n/a through 1.2.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/facebook-secret-meta/vulnerability/wordpress-secret-meta-plugin-1-2-1-csrf-to-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-251xx/CVE-2025-25100.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-25100",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-03-27T14:15:50.743",
"lastModified": "2025-03-27T14:15:50.743",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in victoracano Cazamba allows Reflected XSS.This issue affects Cazamba: from n/a through 1.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/cazamba/vulnerability/wordpress-cazamba-plugin-1-2-csrf-to-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

43
CVE-2025/CVE-2025-255xx/CVE-2025-25535.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-25535",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-26T19:15:27.030",
"lastModified": "2025-03-26T19:15:27.030",
"lastModified": "2025-03-27T14:15:50.897",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HTTP Response Manipulation in SCRIPT CASE v.1.0.002 Build7 allows a remote attacker to escalate privileges via a crafted request."
},
{
"lang": "es",
"value": "La manipulaci\u00f3n de la respuesta HTTP en SCRIPT CASE v.1.0.002 Build7 permite que un atacante remoto escale privilegios a trav\u00e9s de una solicitud manipulada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/simalamuel/Research/tree/main/CVE-2025-25535",

77
CVE-2025/CVE-2025-25xx/CVE-2025-2581.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-2581",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-03-21T05:15:38.280",
"lastModified": "2025-03-21T05:15:38.280",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-27T13:24:49.403",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -63,7 +63,7 @@
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
@ -80,6 +80,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV2": [
@ -122,24 +142,67 @@
"value": "CWE-191"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-191"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xmedcon_project:xmedcon:0.25.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C332C350-9E90-4358-8051-16668486D95C"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.300541",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.300541",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.522216",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://xmedcon.sourceforge.io/Main/New",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product",
"VDB Entry"
]
}
]
}

43
CVE-2025/CVE-2025-260xx/CVE-2025-26001.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-26001",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-26T19:15:27.133",
"lastModified": "2025-03-26T19:15:27.133",
"lastModified": "2025-03-27T14:15:51.067",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Telesquare TLR-2005KSH 1.1.4 is vulnerable to Information Disclosure via the parameter getUserNamePassword."
},
{
"lang": "es",
"value": "Telesquare TLR-2005KSH 1.1.4 es vulnerable a la divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del par\u00e1metro getUserNamePassword."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Fan-24/Digging/blob/main/1/1.md",

43
CVE-2025/CVE-2025-260xx/CVE-2025-26002.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-26002",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-26T19:15:27.230",
"lastModified": "2025-03-26T19:15:27.230",
"lastModified": "2025-03-27T14:15:51.240",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setSyncTimeHost."
},
{
"lang": "es",
"value": "Telesquare TLR-2005KSH 1.1.4 se ve afectado por una vulnerabilidad de desbordamiento de pila no autorizado al solicitar el par\u00e1metro admin.cgi con setSyncTimeHost."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Fan-24/Digging/blob/main/3/1.md",

43
CVE-2025/CVE-2025-260xx/CVE-2025-26003.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-26003",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-26T19:15:27.320",
"lastModified": "2025-03-26T19:15:27.320",
"lastModified": "2025-03-27T14:15:51.417",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized command execution vulnerability when requesting the admin.cgi parameter with setAutorest."
},
{
"lang": "es",
"value": "Telesquare TLR-2005KSH 1.1.4 se ve afectado por una vulnerabilidad de ejecuci\u00f3n de comandos no autorizados al solicitar el par\u00e1metro admin.cgi con setAutorest."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Fan-24/Digging/blob/main/5/1.md",

43
CVE-2025/CVE-2025-260xx/CVE-2025-26004.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-26004",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-26T19:15:27.413",
"lastModified": "2025-03-26T19:15:27.413",
"lastModified": "2025-03-27T14:15:51.593",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Telesquare TLR-2005KSH 1.1.4 is vulnerable to unauthorized stack buffer overflow vulnerability when requesting admin.cgi parameter with setDdns."
},
{
"lang": "es",
"value": "Telesquare TLR-2005KSH 1.1.4 es vulnerable a una vulnerabilidad de desbordamiento de b\u00fafer de pila no autorizado cuando solicita el par\u00e1metro admin.cgi con setDdns."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Fan-24/Digging/blob/main/6/1.md",

43
CVE-2025/CVE-2025-260xx/CVE-2025-26005.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-26005",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-26T20:15:21.630",
"lastModified": "2025-03-26T20:15:21.630",
"lastModified": "2025-03-27T14:15:51.767",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Telesquare TLR-2005KSH 1.1.4 is vulnerable to unauthorized stack overflow vulnerability when requesting admin.cgi parameter with setNtp."
},
{
"lang": "es",
"value": "Telesquare TLR-2005KSH 1.1.4 es vulnerable a una vulnerabilidad de desbordamiento de pila no autorizado al solicitar el par\u00e1metro admin.cgi con setNtp."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Fan-24/Digging/blob/main/7/1.md",

43
CVE-2025/CVE-2025-260xx/CVE-2025-26006.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-26006",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-26T20:15:21.727",
"lastModified": "2025-03-26T20:15:21.727",
"lastModified": "2025-03-27T14:15:51.940",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setAutorest."
},
{
"lang": "es",
"value": "Telesquare TLR-2005KSH 1.1.4 tiene una vulnerabilidad de desbordamiento de pila no autorizado al solicitar el par\u00e1metro admin.cgi con setAutorest."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Fan-24/Digging/blob/main/4/1.md",

43
CVE-2025/CVE-2025-260xx/CVE-2025-26007.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-26007",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-26T20:15:21.817",
"lastModified": "2025-03-26T20:15:21.817",
"lastModified": "2025-03-27T14:15:52.110",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability in the login interface when requesting systemtil.cgi."
},
{
"lang": "es",
"value": "Telesquare TLR-2005KSH 1.1.4 tiene una vulnerabilidad de desbordamiento de pila no autorizado en la interfaz de inicio de sesi\u00f3n al solicitar systemtil.cgi."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Fan-24/Digging/blob/main/10/1.md",

43
CVE-2025/CVE-2025-260xx/CVE-2025-26008.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-26008",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-26T20:15:21.900",
"lastModified": "2025-03-26T20:15:21.900",
"lastModified": "2025-03-27T14:15:52.287",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Telesquare TLR-2005KSH 1.1.4, an unauthorized stack overflow vulnerability exists when requesting admin.cgi parameter with setSyncTimeHost."
},
{
"lang": "es",
"value": "En Telesquare TLR-2005KSH 1.1.4, existe una vulnerabilidad de desbordamiento de pila no autorizado al solicitar el par\u00e1metro admin.cgi con setSyncTimeHost."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Fan-24/Digging/blob/main/2/1.md",

43
CVE-2025/CVE-2025-260xx/CVE-2025-26009.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-26009",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-26T20:15:21.990",
"lastModified": "2025-03-26T20:15:21.990",
"lastModified": "2025-03-27T14:15:52.463",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Telesquare TLR-2005KSH 1.1.4 has an Information Disclosure vulnerability when requesting systemutilit.cgi."
},
{
"lang": "es",
"value": "Telesquare TLR-2005KSH 1.1.4 tiene una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n al solicitar systemutilit.cgi."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Fan-24/Digging/blob/main/11/1.md",

43
CVE-2025/CVE-2025-260xx/CVE-2025-26010.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-26010",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-26T20:15:22.087",
"lastModified": "2025-03-26T20:15:22.087",
"lastModified": "2025-03-27T14:15:52.640",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Telesquare TLR-2005KSH 1.1.4 allows unauthorized password modification when requesting the admin.cgi parameter with setUserNamePassword."
},
{
"lang": "es",
"value": "Telesquare TLR-2005KSH 1.1.4 permite la modificaci\u00f3n de contrase\u00f1a no autorizada cuando se solicita el par\u00e1metro admin.cgi con setUserNamePassword."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Fan-24/Digging/blob/main/9/1.md",

43
CVE-2025/CVE-2025-260xx/CVE-2025-26011.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-26011",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-26T20:15:22.173",
"lastModified": "2025-03-26T20:15:22.173",
"lastModified": "2025-03-27T14:15:52.820",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setUsernamePassword."
},
{
"lang": "es",
"value": "Telesquare TLR-2005KSH 1.1.4 tiene una vulnerabilidad de desbordamiento de pila no autorizado al solicitar el par\u00e1metro admin.cgi con setUsernamePassword."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Fan-24/Digging/blob/main/8/1.md",

90
CVE-2025/CVE-2025-266xx/CVE-2025-26619.json Normal file
View File

@ -0,0 +1,90 @@
{
"id": "CVE-2025-26619",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-03-27T14:15:52.987",
"lastModified": "2025-03-27T14:15:52.987",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In `vega` 5.30.0 and lower and in `vega-functions` 5.15.0 and lower , it was possible to call JavaScript functions from the Vega expression language that were not meant to be supported. The issue is patched in `vega` `5.31.0` and `vega-functions` `5.16.0`. Some workarounds are available. Run `vega` without `vega.expressionInterpreter`. This mode is not the default as it is slower. Alternatively, using the interpreter described in CSP safe mode (Content Security Policy) prevents arbitrary Javascript from running, so users of this mode are not affected by this vulnerability."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/vega/vega-lite/issues/9469",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/vega/vega/commit/8fc129a6f8a11e96449c4ac0f63de0e5bfc7254c",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/vega/vega/issues/3984",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/vega/vega/security/advisories/GHSA-rcw3-wmx7-cphr",
"source": "security-advisories@github.com"
}
]
}

56
CVE-2025/CVE-2025-267xx/CVE-2025-26731.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-26731",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-03-27T14:15:53.140",
"lastModified": "2025-03-27T14:15:53.140",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Repute Infosystems ARPrice allows Stored XSS.This issue affects ARPrice: from n/a through 4.1.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/arprice/vulnerability/wordpress-arprice-plugin-4-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-267xx/CVE-2025-26732.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-26732",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-03-27T14:15:53.293",
"lastModified": "2025-03-27T14:15:53.293",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BurgerThemes StoreBiz allows DOM-Based XSS.This issue affects StoreBiz: from n/a through 1.0.32."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/theme/storebiz/vulnerability/wordpress-storebiz-plugin-1-0-32-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-267xx/CVE-2025-26734.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-26734",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-03-27T14:15:53.443",
"lastModified": "2025-03-27T14:15:53.443",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in peregrinethemes Hester allows Stored XSS.This issue affects Hester: from n/a through 1.1.10."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/theme/hester/vulnerability/wordpress-hester-plugin-1-1-10-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-267xx/CVE-2025-26736.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-26736",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-03-27T14:15:53.593",
"lastModified": "2025-03-27T14:15:53.593",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in viktoras MorningTime Lite allows Stored XSS.This issue affects MorningTime Lite: from n/a through 1.3.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/theme/morningtime-lite/vulnerability/wordpress-morningtime-lite-theme-1-3-2-stored-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-267xx/CVE-2025-26737.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-26737",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-03-27T14:15:53.740",
"lastModified": "2025-03-27T14:15:53.740",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yudleethemes City Store allows DOM-Based XSS.This issue affects City Store: from n/a through 1.4.5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/theme/city-store/vulnerability/wordpress-city-store-theme-1-4-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-267xx/CVE-2025-26738.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-26738",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-03-27T14:15:53.903",
"lastModified": "2025-03-27T14:15:53.903",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Graham Quick Interest Slider allows DOM-Based XSS.This issue affects Quick Interest Slider: from n/a through 3.1.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/quick-interest-slider/vulnerability/wordpress-quick-interest-slider-plugin-3-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

94
CVE-2025/CVE-2025-277xx/CVE-2025-27793.json Normal file
View File

@ -0,0 +1,94 @@
{
"id": "CVE-2025-27793",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-03-27T14:15:54.060",
"lastModified": "2025-03-27T14:15:54.060",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 5.32.0, corresponding to vega-functions prior to version 5.17.0, users running Vega/Vega-lite JSON definitions could run unexpected JavaScript code when drawing graphs, unless the library was used with the `vega-interpreter`. Vega version 5.32.0 and vega-functions version 5.17.0 fix the issue. As a workaround, use `vega` with expression interpreter."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-87"
}
]
}
],
"references": [
{
"url": "https://github.com/vega/vega/commit/694560c0aa576df8b6c5f0f7d202ac82233e6966",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/vega/vega/releases/tag/v5.32.0",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/vega/vega/security/advisories/GHSA-963h-3v39-3pqf",
"source": "security-advisories@github.com"
},
{
"url": "https://vega.github.io/vega/usage/interpreter",
"source": "security-advisories@github.com"
}
]
}

72
CVE-2025/CVE-2025-279xx/CVE-2025-27933.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-27933",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2025-03-21T09:15:13.260",
"lastModified": "2025-03-21T09:15:13.260",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-27T14:55:25.660",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
@ -49,12 +69,58 @@
"value": "CWE-863"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.11.0",
"versionEndExcluding": "9.11.9",
"matchCriteriaId": "57EEC13C-37D1-4FAA-B956-AC335CACA543"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.3.0",
"versionEndExcluding": "10.3.4",
"matchCriteriaId": "30CC0EAB-1BB6-44B7-8529-968C2D710750"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.4.0",
"versionEndExcluding": "10.4.3",
"matchCriteriaId": "F2ACE54D-3EC6-4AC9-B243-35E8FFBE0EA0"
}
]
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
"source": "responsibledisclosure@mattermost.com",
"tags": [
"Vendor Advisory"
]
}
]
}

18
CVE-2025/CVE-2025-27xx/CVE-2025-2787.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-2787",
"sourceIdentifier": "security@knime.com",
"published": "2025-03-26T21:15:23.167",
"lastModified": "2025-03-26T22:15:15.550",
"lastModified": "2025-03-27T14:15:54.580",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 ( a.k.a IngressNightmare ) vulnerability which affects the ingress-nginx component. In the worst case a complete takeover of the Kubernetes cluster is possible. Since the affected component is only reachable from within the cluster, i.e. requires an authenticated user, the severity in the context of KNIME Business Hub is slightly lower.\n\n\n\nBesides applying the publicly known workarounds, we strongly recommend updating to one of the following versions of KNIME Business Hub: \n\n\n\n * 1.13.3 or above \n\n\n\n\n\n\n * 1.12.4 or above \n\n\n\n\n\n\n * 1.11.4 or above \n\n\n\n\n\n\n * 1.10.4 or above\n\n\n\n\n\n\n\n\n *"
},
{
"lang": "es",
"value": "KNIME Business Hub se ve afectado por la vulnerabilidad Ingress-nginx CVE-2025-1974 (tambi\u00e9n conocida como IngressNightmare), que afecta al componente ingress-nginx. En el peor de los casos, es posible que el cl\u00faster de Kubernetes se apodere completamente de \u00e9l. Dado que el componente afectado solo es accesible desde dentro del cl\u00faster, es decir, requiere un usuario autenticado, la gravedad en el contexto de KNIME Business Hub es ligeramente menor. Adem\u00e1s de aplicar los workarounds conocidos, recomendamos encarecidamente actualizar a una de las siguientes versiones de KNIME Business Hub: * 1.13.3 o superior * 1.12.4 o superior * 1.11.4 o superior * 1.10.4 o superior *"
}
],
"metrics": {
@ -57,6 +61,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://www.knime.com/security/advisories",

43
CVE-2025/CVE-2025-283xx/CVE-2025-28361.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-28361",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-26T20:15:22.583",
"lastModified": "2025-03-26T20:15:22.583",
"lastModified": "2025-03-27T14:15:54.213",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthorized stack overflow vulnerability in Telesquare TLR-2005KSH v.1.1.4 allows a remote attacker to obtain sensitive information via the systemutil.cgi component."
},
{
"lang": "es",
"value": "Una vulnerabilidad de desbordamiento de pila no autorizado en Telesquare TLR-2005KSH v.1.1.4 permite que un atacante remoto obtenga informaci\u00f3n confidencial a trav\u00e9s del componente systemutil.cgi."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/wyq-zzu/excavate/blob/main/2/1.md",

14
CVE-2025/CVE-2025-28xx/CVE-2025-2831.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-2831",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-03-27T03:15:14.080",
"lastModified": "2025-03-27T03:15:14.080",
"lastModified": "2025-03-27T14:15:54.710",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as critical. This vulnerability affects the function getBookList of the file /admin/bookList?page=1&limit=10. The manipulation of the argument condition leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad en mingyuefusu ???? tushuguanlixitong ?????? hasta d4836f6b49cd0ac79a4021b15ce99ff7229d4694, clasificada como cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n getBookList del archivo /admin/bookList?page=1&amp;limit=10. La manipulaci\u00f3n de la condici\u00f3n del argumento provoca una inyecci\u00f3n SQL. El ataque puede iniciarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado."
}
],
"metrics": {
@ -59,7 +63,7 @@
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
@ -107,7 +111,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -136,6 +140,10 @@
{
"url": "https://vuldb.com/?submit.521458",
"source": "cna@vuldb.com"
},
{
"url": "https://gitee.com/mingyuefusu/tushuguanlixitong/issues/IBTSJL",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

14
CVE-2025/CVE-2025-28xx/CVE-2025-2832.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-2832",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-03-27T04:15:21.717",
"lastModified": "2025-03-27T04:15:21.717",
"lastModified": "2025-03-27T14:15:54.840",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en mingyuefusu ???? tushuguanlixitong ?????? hasta d4836f6b49cd0ac79a4021b15ce99ff7229d4694, clasificada como problem\u00e1tica. Este problema afecta a algunos procesos desconocidos. La manipulaci\u00f3n provoca cross-site request forgery. El ataque puede iniciarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado."
}
],
"metrics": {
@ -59,7 +63,7 @@
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
@ -107,7 +111,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -136,6 +140,10 @@
{
"url": "https://vuldb.com/?submit.521460",
"source": "cna@vuldb.com"
},
{
"url": "https://gitee.com/mingyuefusu/tushuguanlixitong/issues/IBTSPH",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

18
CVE-2025/CVE-2025-28xx/CVE-2025-2833.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-2833",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-03-27T04:15:23.847",
"lastModified": "2025-03-27T04:15:23.847",
"lastModified": "2025-03-27T14:15:54.967",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been classified as problematic. Affected is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to inefficient regular expression complexity. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en zhangyd-c OneBlog hasta la versi\u00f3n 2.3.9. Se ha clasificado como problem\u00e1tica. Se ve afectada una funci\u00f3n desconocida del componente HTTP Header Handler. La manipulaci\u00f3n del argumento X-Forwarded-For genera una complejidad ineficiente en las expresiones regulares. Es posible ejecutar el ataque de forma remota. Se ha hecho p\u00fablico el exploit y puede que sea utilizado."
}
],
"metrics": {
@ -59,7 +63,7 @@
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
@ -107,7 +111,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -140,6 +144,14 @@
{
"url": "https://vuldb.com/?submit.521813",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/zhangyd-c/OneBlog/issues/35",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
},
{
"url": "https://github.com/zhangyd-c/OneBlog/issues/35#issue-2914268214",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

18
CVE-2025/CVE-2025-28xx/CVE-2025-2835.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-2835",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-03-27T04:15:25.520",
"lastModified": "2025-03-27T04:15:25.520",
"lastModified": "2025-03-27T14:15:55.103",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been declared as problematic. Affected by this vulnerability is the function autoLink of the file com/zyd/blog/controller/RestApiController.java. The manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en zhangyd-c OneBlog hasta la versi\u00f3n 2.3.9. Se ha declarado problem\u00e1tica. Esta vulnerabilidad afecta a la funci\u00f3n autoLink del archivo com/zyd/blog/controller/RestApiController.java. La manipulaci\u00f3n provoca Server-Side Request Forgery. El ataque puede ejecutarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado."
}
],
"metrics": {
@ -59,7 +63,7 @@
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
@ -107,7 +111,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -136,6 +140,14 @@
{
"url": "https://vuldb.com/?submit.521815",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/zhangyd-c/OneBlog/issues/36",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
},
{
"url": "https://github.com/zhangyd-c/OneBlog/issues/36#issue-2923097259",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

149
CVE-2025/CVE-2025-28xx/CVE-2025-2846.json Normal file
View File

@ -0,0 +1,149 @@
{
"id": "CVE-2025-2846",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-03-27T13:15:36.663",
"lastModified": "2025-03-27T13:15:36.663",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. This vulnerability affects the function registration of the file /oews/classes/Users.php?f=registration of the component Registration. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad clasificada como cr\u00edtica en SourceCodester Online Eyewear Shop 1.0. Esta vulnerabilidad afecta el registro de la funci\u00f3n del archivo /oews/classes/Users.php?f=registration del componente Registration. La manipulaci\u00f3n del ID del argumento provoca una inyecci\u00f3n SQL. El ataque puede iniciarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"baseScore": 7.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/jeajeaa/cve/blob/main/sql.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.301492",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.301492",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.522326",
"source": "cna@vuldb.com"
},
{
"url": "https://www.sourcecodester.com/",
"source": "cna@vuldb.com"
}
]
}

145
CVE-2025/CVE-2025-28xx/CVE-2025-2847.json Normal file
View File

@ -0,0 +1,145 @@
{
"id": "CVE-2025-2847",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-03-27T13:15:37.030",
"lastModified": "2025-03-27T13:15:37.030",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. This issue affects some unknown processing of the file /dashboard/admin/over_month.php. The manipulation of the argument mm leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad clasificada como cr\u00edtica en Codezips Gym Management System 1.0. Este problema afecta a un procesamiento desconocido del archivo /dashboard/admin/over_month.php. La manipulaci\u00f3n del argumento mm provoca una inyecci\u00f3n SQL. El ataque podr\u00eda iniciarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseScore": 6.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.301493",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.301493",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.522330",
"source": "cna@vuldb.com"
},
{
"url": "https://www.yuque.com/baimatangseng-iyusa/qwwm81/zbefafzyl0of6g56?singleDoc",
"source": "cna@vuldb.com"
}
]
}

157
CVE-2025/CVE-2025-28xx/CVE-2025-2849.json Normal file
View File

@ -0,0 +1,157 @@
{
"id": "CVE-2025-2849",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-03-27T14:15:55.303",
"lastModified": "2025-03-27T14:15:55.303",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in UPX up to 5.0.0. Affected is the function PackLinuxElf64::un_DT_INIT of the file src/p_lx_elf.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The patch is identified as e0b6ff192412f5bb5364c1948f4f6b27a0cd5ea2. It is recommended to apply a patch to fix this issue."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"baseScore": 3.3,
"baseSeverity": "LOW",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P",
"baseScore": 1.7,
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "LOW",
"exploitabilityScore": 3.1,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://github.com/upx/upx/commit/e0b6ff192412f5bb5364c1948f4f6b27a0cd5ea2",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/upx/upx/issues/898",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/upx/upx/issues/898#issuecomment-2734082143",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/user-attachments/files/19307868/input.zip",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.301494",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.301494",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.522371",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/upx/upx/issues/898#issuecomment-2734082143",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

145
CVE-2025/CVE-2025-28xx/CVE-2025-2852.json Normal file
View File

@ -0,0 +1,145 @@
{
"id": "CVE-2025-2852",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-03-27T14:15:55.527",
"lastModified": "2025-03-27T14:15:55.527",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in SourceCodester Food Ordering Management System up to 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/menus/view_menu.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"baseScore": 5.8,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 6.4,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://hackmd.io/@gnol719/rJqOPiInye",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.301495",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.301495",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.522402",
"source": "cna@vuldb.com"
},
{
"url": "https://www.sourcecodester.com/",
"source": "cna@vuldb.com"
}
]
}

29
CVE-2025/CVE-2025-28xx/CVE-2025-2857.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2025-2857",
"sourceIdentifier": "security@mozilla.org",
"published": "2025-03-27T14:15:55.720",
"lastModified": "2025-03-27T14:15:55.720",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Following the sanbdox escape in CVE-2025-2783, various Firefox developers identified a similar pattern in our IPC code. Attackers were able to confuse the parent process into leaking handles into unpriviled child processes leading to a sandbox escape. \nThe original vulnerability was being exploited in the wild. \n*This only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 136.0.4, Firefox ESR < 128.8.1, and Firefox ESR < 115.21.1."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1956398",
"source": "security@mozilla.org"
},
{
"url": "https://issues.chromium.org/issues/405143032",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-19/",
"source": "security@mozilla.org"
}
]
}

56
CVE-2025/CVE-2025-28xx/CVE-2025-2867.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-2867",
"sourceIdentifier": "cve@gitlab.com",
"published": "2025-03-27T14:15:55.827",
"lastModified": "2025-03-27T14:15:55.827",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in the GitLab Duo with Amazon Q affecting all versions from 17.8 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A specifically crafted issue could manipulate AI-assisted development features to potentially expose sensitive project data to unauthorized users."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "cve@gitlab.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/512509",
"source": "cve@gitlab.com"
}
]
}

43
CVE-2025/CVE-2025-300xx/CVE-2025-30073.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-30073",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-26T20:15:22.837",
"lastModified": "2025-03-26T20:15:22.837",
"lastModified": "2025-03-27T14:15:55.980",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OPC cardsystems Webapp Aufwertung 2.1.0. The reference assigned to transactions can be reused. When completing a payment, the first or all transactions with the same reference are completed, depending on timing. This can be used to transfer more money onto employee cards than is paid."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en OPC cardsystems Webapp Aufwertung 2.1.0. La referencia asignada a las transacciones puede reutilizarse. Al completar un pago, se completa la primera o todas las transacciones con la misma referencia, seg\u00fan el momento. Esto permite transferir m\u00e1s dinero del que se paga a las tarjetas de los empleados."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-488"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.syss.de/pentest-blog/businesslogik-fehler-bei-aufwertung-von-geldkarten-in-opcr-webapp-aufwertung-syss-2024-089",

72
CVE-2025/CVE-2025-301xx/CVE-2025-30179.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-30179",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2025-03-21T09:15:13.623",
"lastModified": "2025-03-21T09:15:13.623",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-27T14:45:47.520",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
@ -49,12 +69,58 @@
"value": "CWE-863"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.11.0",
"versionEndExcluding": "9.11.9",
"matchCriteriaId": "57EEC13C-37D1-4FAA-B956-AC335CACA543"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.3.0",
"versionEndExcluding": "10.3.4",
"matchCriteriaId": "30CC0EAB-1BB6-44B7-8529-968C2D710750"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.4.0",
"versionEndExcluding": "10.4.3",
"matchCriteriaId": "F2ACE54D-3EC6-4AC9-B243-35E8FFBE0EA0"
}
]
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
"source": "responsibledisclosure@mattermost.com",
"tags": [
"Vendor Advisory"
]
}
]
}

58
CVE-2025/CVE-2025-303xx/CVE-2025-30342.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-30342",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-21T06:15:26.510",
"lastModified": "2025-03-21T06:15:26.510",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-27T13:35:33.940",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
@ -49,12 +69,44 @@
"value": "CWE-79"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openslides:openslides:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.2.5",
"matchCriteriaId": "A9F2C3CC-918A-4329-A59D-DEFECC0489A1"
}
]
}
]
}
],
"references": [
{
"url": "https://www.x41-dsec.de/lab/advisories/x41-2025-001-OpenSlides",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

58
CVE-2025/CVE-2025-303xx/CVE-2025-30343.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-30343",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-21T06:15:26.700",
"lastModified": "2025-03-21T06:15:26.700",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-27T14:00:35.087",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.3,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
@ -49,12 +69,44 @@
"value": "CWE-24"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openslides:openslides:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.2.5",
"matchCriteriaId": "A9F2C3CC-918A-4329-A59D-DEFECC0489A1"
}
]
}
]
}
],
"references": [
{
"url": "https://www.x41-dsec.de/lab/advisories/x41-2025-001-OpenSlides",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

58
CVE-2025/CVE-2025-303xx/CVE-2025-30344.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-30344",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-21T06:15:26.900",
"lastModified": "2025-03-21T06:15:26.900",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-27T14:40:42.177",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 3.7,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
]
},
@ -49,12 +69,44 @@
"value": "CWE-208"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openslides:openslides:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.2.5",
"matchCriteriaId": "A9F2C3CC-918A-4329-A59D-DEFECC0489A1"
}
]
}
]
}
],
"references": [
{
"url": "https://www.x41-dsec.de/lab/advisories/x41-2025-001-OpenSlides",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

58
CVE-2025/CVE-2025-303xx/CVE-2025-30345.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-30345",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-21T06:15:27.090",
"lastModified": "2025-03-21T06:15:27.090",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-27T14:38:50.810",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4
}
]
},
@ -49,12 +69,44 @@
"value": "CWE-116"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openslides:openslides:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.2.5",
"matchCriteriaId": "A9F2C3CC-918A-4329-A59D-DEFECC0489A1"
}
]
}
]
}
],
"references": [
{
"url": "https://www.x41-dsec.de/lab/advisories/x41-2025-001-OpenSlides",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

4
CVE-2025/CVE-2025-311xx/CVE-2025-31141.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page"
},
{
"lang": "es",
"value": "En JetBrains TeamCity antes de 2025.03, la excepci\u00f3n podr\u00eda provocar una fuga de credenciales en la p\u00e1gina perfiles de la nube"
}
],
"metrics": {

Some files were not shown because too many files have changed in this diff Show More